With cloud servers, you can launch up to nine virtual machines to practice with. Creating these in the playground saves time and eliminates the risk of misconfiguration or missing packages on your local machine while you’re still learning.
Note: This feature is available to learners with an updated Skills license or subscription, ACG Business plan license, or ACG Personal membership.
Finding cloud servers
- From your learner home page (opens in new tab), click Hands-on Playground in the Hands-on Learning widget.
- Click the Cloud Servers tab.
- From your dashboard (opens in new tab), click Playground in the navigation menu.
- Click the Cloud Servers tab.
Creating a new cloud server
- Click New Server in the Cloud Servers tab.
-
Fill out the details to configure your new cloud server:
-
Distribution: Choose a server distribution from the list. Keep in mind these have different attributes and access depending on the distribution. The following distributions are available:
- Rocky Linux 8
- Ubuntu 22.04 - Jammy Jellyfish
- Red Hat Enterprise Linux 9
- Alma Linux 9
- CentOS Stream 9
- Debian 12
- OpenSUSE Leap 15.5
- Amazon Linux 2
- CentOS 8
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Ubuntu 20.04 Focal Fossa LTS
- Alma Linux 8
- CentOS 7
- CentOS 7 w/ Docker
- CentOS w/ code-server
- Cloud Native Kubernetes
- DevOps Monitoring Deep Dive
- Elastic Certification
- Elastic Certified Analyst
- Elastic Certified Engineer
- Fedora Workstation
- Kali Linux
- Linux Essentials
- SUSE Linux Enterprise Server 15
- Rocky Linux 9 (Business plans only)
- Windows Server 2022 (Business plans only)
- Windows Server 2019 (Business plans only)
- Zone: There are five available zones to choose from: North America, Europe, Southeast Asia, Australia, and South Asia. You can only have one active zone at a time for your servers. If you want to create a server in a different zone, you must delete your existing servers first.
- Size: The available server sizes depend on the distribution you selected and how many units you have remaining. Server sizes can range from Micro (1 unit) to Large (4 units). You can have a maximum of nine total units across up to nine servers in the playground.
- Tag: Stay organized by adding an optional tag to your server. This is displayed in the Tag column of your server list.
-
Distribution: Choose a server distribution from the list. Keep in mind these have different attributes and access depending on the distribution. The following distributions are available:
- Click Create Server to spin up your cloud server. This will send you back to your cloud servers list and show the server's progress as it's created.
You’ve successfully created a cloud server. From your server list, you can stop or start a server, open the web terminal if it’s available, expand details, and perform Quick Actions.
Options in Quick actions vary from one distribution to another, but standard options allow you to reset the password for the cloud_user
, add volumes to your server, or delete the server entirely.
Important: Cloud servers are deleted after 14 days of inactivity.
Available server information
Click the caret to the far right to expand the server’s details:
-
Credential: The default username
cloud_user
and a temporary password are provided here. You'll use these credentials to access your cloud server. - IP Address: This section lists the Public IPv4 address, Private IPv4 address, and IPv6 address assigned to the server. The Public IPv4 changes every time the server is started. The Private IPv4 address and the IPv6 address remain associated with the server until it's deleted.
- Public Hostnames: This section displays the DNS hostnames automatically generated for the server. The DNS entry remains associated with the server after restart.
- System: Use this section to perform actions or open the web terminal. Cloud servers have a four-hour time limit. The Auto Shutdown field displays the time your server is set to shut down.
- Logs: This section lists the server's status actions as it changes from the time it's first created or stopped to the time it's ready to use. This lets you see the progress as the server starts up or shuts down.
Logging in to your cloud server
- Click Open Terminal to enter the web console.
- Copy and paste the Username provided in your server credentials into the terminal and hit Enter.
- Copy and paste the Temporary Password into the terminal and hit Enter.
Note: The password will be hidden when you paste it.
- Paste the temporary password again and hit Enter.
- Enter a new password and hit Enter.
- Retype your new password and hit Enter.
Setting up a cloud server firewall
Protecting your cloud server with a firewall is a vital part of cloud server safety. When enabling a firewall on your cloud server with Firewalld or UFW, allow port 31297, which is the port that allows the web console to function.
Tip: All commands must be run as root.
Firewalld
To make sure the web console isn’t blocked, add port 31297 in one command when configuring your firewall:
systemctl start firewalld && firewall-cmd --add-port 31297/tcp --permanent
&& firewall-cmd --reload
UFW
Starting UFW doesn’t automatically enable the firewall, so you can run these commands in two separate entries.
- Make sure the firewall service is running. This is slightly different depending on the version of Ubuntu:
- Ubuntu 16:
systemctl start ufw
- Ubuntu 14:
service ufw start
- Ubuntu 16:
- Add port 31297 to the firewall to unblock the web console.
Tip: Add port 22 for standard SSH.
ufw allow 31297 ufw allow 22 ufw enable
Common questions
What ports are open on cloud servers?
The details provided with your cloud server include a public IP address and a private IP address. If you're using the public IP address, only certain ports are open to external traffic. All ports are open to internal traffic to your servers if you're using a private IP address.
These ports are allowed for incoming traffic only. The rules are stateful, so once a connection is established, the connection is allowed to return on the same port. Outbound traffic originating from cloud servers are only allowed on ports 22, 80, and 443 to the public internet. All other outbound traffic is restricted to within the cloud server's security group.
The following ports are allowlisted and available to use across the public internet on cloud servers:
- 22
- 80
- 443
- 873
- 1433
- 2222
- 3000
- 3306
- 3389
- 4505
- 5222
- 5432
- 5269
- 5601
- 6080
- 6443
- 7077
- 8000-8100
- 8140
- 8142
- 8443
- 9090-9094
- 9990
- 9100
- 9261
- 30000
- 30080-30089
- 31297
- 54663
- 61297
- 61613
- 65535
How do I reset the password for a cloud server?
Note: These instructions are intended for cloud server password resets. See Resetting or changing your ACG password for account password resets.
To reset the password for a cloud server:
- Navigate to the Cloud Servers page.
- Click the Quick Actions menu for the server you want to reset the password for.
- Click Reset Password.
This resets whatever password you set for the cloud server when you first logged in. The Temporary Password in the cloud server's credentials remains the same.
What do I do if I can't connect to a cloud server?
Try the following:
- If you’re creating a new server or restarting an existing one, wait a few minutes before connecting.
- If you get a Connection Timed Out message, make sure that your router or firewall/network security policy allows for outbound TCP traffic through port 22 (SSH).
- If you can connect using a public hostname but not the public IP address for your server, try running the
dig
command on the public hostname of your server in a terminal application. Check to verify that the IP address it returns matches the public IP address listed in your Cloud server details. If it doesn't match, stop and restart the server, then rundig
on the public hostname again. When the IP addresses match, try connecting again.
If you still can't connect, contact Support.
How do I resolve the "authorization token manipulation" error?
This error occurs if you try to change your cloud_user
password without entering the current password first. You’ll notice that when you first access the root account using the su-
command, or when you first connect to a server using the provided credentials, you'll be prompted to change the password. To change the password, you must enter the "current" temporary password one more time.
To try again, reconnect to the server and enter the following information in this order:
- Username provided for the server under Credential
- The temporary password
- The temporary password again
- Your new password
- Your new password again
Why can’t I SSH as the root user?
As a security best practice, you won't be able to SSH into any of your cloud servers as the root user by default. Once you’ve successfully logged in and changed the root user's password, you can decide whether you want to connect directly and make the appropriate configuration change to your SSH setup.
Can I connect to a cloud server using a graphical interface?
No.